One or more aspects relate, in general, to processing within a computing environment, and in particular, to processing associated with secure message transmission.
Secure message transmission in an electronic information processing context involves encryption and decryption of messages, as well as authentication. A message is encrypted by the sender prior to transmission to ensure that inspection of the encrypted message does not reveal its true content to a third party. On the other hand, a message is decrypted by a recipient to reveal the original content. Additionally, message authentication ensures that the content of the message provided by the sender has not been accidentally or maliciously altered during transmission. Thus, the message received is, in fact, the same as that which was sent.
Authentication is often performed by examining the bits of the message, and using a hashing algorithm to produce a message digest (sometimes referred to as an authentication tag, or simply, a hash) from the examined bits. The security strength of a hashing algorithm (that is, the algorithm's resistance to collision, preimage, and secondary preimage attacks) is indicated by the size of the message digest produced.
The National Institute of Standards and Technology (NIST, in the United States of America) adopted standards for two families of secure hashing algorithms: SHA-1: Digest length of 160 bits, and SHA-2: Digest lengths of 224, 256, 384 and 512 bits (and combinations thereof).
The SHA-1 and SHA-2 algorithms begin with a deterministic nonzero hash tag—called an initial chaining value (ICV)—that is repeatedly permuted by each successive block of the message (the size of a message block is either 64 or 128 bytes). Each permutation produces an output chaining value (OCV) that is used as the ICV for the subsequent permutation. When all full blocks of the message have been processed, the final short block (or null block if no short block remains) is padded up to the full message length, and the last block is used to permute the ICV one final time to produce the resulting message digest (i.e., the tag). Padding is performed once for the message.
Since padding is to be performed once, processing associated with such padding is to be facilitated.